OSCP vs OverTheWire Bandit/Natas

Dear All,
I am planning to register for PWK/OSCP after a month or two. As a preparation I started working on OverTheWire Bandit and Natas. My progress is good. Completed 22 levels in Bandit as of now. Only for 2-3 levels have searched in google for help or hints, remaining have solved myself without much sweating.
So, Have question: in Bandit we will have hint or suggestions at the overthewire website. But in OSCP also we have any hints/suggestions to get the root or move forward. I heard like #offsec channel will help out. But now #offsec is not live.
So please let me know how we can compare OSCP vs bandit in difficulty wise.

Comments

Just a question.....why are you comparing the PWK course with OverTheWire? The PWK course is a pen testing course using different tools and skill sets while OverTheWire is just a few puzzles you have to solve using Linux commands. There is absolutely no comparison between the two. OverTheWire will help you sharpen your Linux skills needed for OSCP but by no means is enough to prepare you for the OSCP exam.

I suggest you take a look at the PWK course syllabus and prep on the subjects contained in the PWK course and forget OverTheWire for now.

I agree with BuzzSaw. You wont find many OSCP's that will give hints on the exam or labs. To be honest you should not even be looking for "hints" if you are looking at taking OSCP. Even the "hints" provided by OffSec are hit or miss (most of the time miss) on if there even useful or not. Any hints you many find online about the lab environment are most likely outdated. The lab I went through had 2 revisions just during the time I took it due to someone leaking hints. OffSec seems to not like hints being given out and will actively stop it either by revamping the lab or canceling someones OSCP certification if found to have provided information about the exam.

The hints you are referring to would really only be in the Student forum you gain access to after you start the course. However these are heavily monitored and edited after posted to avoid any spoiling anything.

OSCP should not be considered entry level and compared to any other cert as nothing compares to it. There are no hints on OSCP, while there are some they are rarely useful. Example: ____ is laughing at you. That does not help you too much to determine how to solve it. In addition during the labs only admins are able to provide hints without spoiling it, and they will only do that if you have spent significant amount of time and really tried hard to obtain all necessary information. If you have not done so, they will just tell you to try harder which is what you should have done in the first place. On the exam you cannot get help or hints from anyone, if someone does so both you and they will lose all of their certification and will be unable to take any more courses from offsec.

As mentioned already, you will not get any hints from the offsec staff unless you have shown that you have in fact tried harder. This course is designed to make you think outside of the box, and to figure things out on your own. Its challenging, but can be accomplished.

There is a significant amount of clues in the student forums to get you on the right path; especially for the easier machines. There is even one machine that has full walk through by Offsec. So you do have a chance to get your feet wet and develop your own methodology before diving in.

Highly recommend you look over the following topics before taking the course:

-programming/scripting (know how to read code - this is important for full understanding; although you can piece together working code, if you haven't written and debugged code before you won't easily understand why something doesn't work perhaps because of basic syntax or object logic). Take a python course. should probably know javascript/c/java/sql in that order if you have time.

optional(some can be done before and some can be done during course as necessary):
-buffer overflow
-assembly language
-shellcoding
-powershell
-privilege escalation

That being said even if you have practiced all the skills and have the prerequisite knowledge, the course will not be easy...you will be googling...a lot. But everyone is in the same boat pretty much unless you have lots of prior experience. So once your ready have at it and GL.

That's good to know at least I have one machine walk-through by offsec. So I can know what to expect in the next machines, difficulty may varies but ultimate goal will be the same.

Highly recommend you look over the following topics before taking the course:

-programming/scripting (know how to read code - this is important for full understanding; although you can piece together working code, if you haven't written and debugged code before you won't easily understand why something doesn't work perhaps because of basic syntax or object logic). Take a python course. should probably know javascript/c/java/sql in that order if you have time.

Yes, I am comfortable in reading code and understanding it.
I wrote few python scripts earlier, so those indentation, formatting, modules etc i am aware of.

-web attacks ---Working in Web and mobile Security aspects. So XSS, SQLinjection, Directory traversal, etc i am well aware of. This helps i think. -traffic analysis (all layers i.e. wireshark, tcpdump, understanding what happens at the field level of most common protocols) ---[FONT=&quot]Worked with Wireshark several time, but not the TCPdump. have good understanding in OSI layers.[/FONT]
-Read/Decode hex. Binary is even better! ---Working with hex is new to me. need to learn more here.
-windows/linux security and os fundamentals --- Know few basic security concepts like file permissions, password storage, etc concepts. Need to deep dive in.
-basic windows/linux command line commands/navigation/log file analysis --- I am little bit more comfortable in Linux terminal commands compare to powershell. Need to introspect.
-basic bash scripting -- Intermediate

optional(some can be done before and some can be done during course as necessary):
-buffer overflow --- little bit hands on here. Tried Corelan Simple buffer overflow. Followed the same steps, understood the basic BOF concepts. Need to implement on other vulnerable apps to learn more.
-assembly language -- New to this. very limited knowledge
-shellcoding -- Same here as Assembly language.
-powershell ---Same here.
-privilege escalation ---Same here as Assembly language.

More over I just enrolled for 60days lab yesterday. I will start my journey on Dec 3rd. I think 90 days should have been better for my current knowledge. But due to other commitments i am not able to enroll for 90 days. Will give a try after 60 days of 100% efforts. Else will enroll for 30 days extension after a month or two.